SAP Web Application Server 6.x/7.0 - Open Redirect

frameset.htm in the BSP runtime in SAP Web Application Server WAS 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. id: CVE-2005-3634 info: name: SAP Web...

SAP BusinessObjects Financial Consolidation 10.0.0.1933 Cross Site Scripting Vulnerability

SAP BusinessObjects Financial Consolidation version 10.0.0.1933 suffers from a cross site scripting vulnerability in the help component. Description Cross-site scripting XSS vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to...

SAP Web Application Server 6.x/7.0 frameset.htm sap-syscmd Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/15361/info SAP Web Application Server is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage thes...

CVE-2005-3634

frameset.htm in the BSP runtime in SAP Web Application Server WAS 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter...

CVE-2005-3633

The CVE-2005-3633 entry describes an HTTP response splitting vulnerability in SAP Web Application Server (WAS) 6.10 through 7.00. The issue affects frameset.htm, allowing remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. The vulnerability’s root cause is improper ha...

CVE-2005-3634

SAP Web Application Server (WAS) 6.10–7.00 is affected by an open redirect in frameset.htm of the BSP runtime. A remote attacker can cause users to log out and be redirected to arbitrary sites by manipulating sap-sessioncmd (close) and sap-exiturl parameters. The vulnerability is tied to the BSP ...